<?php
//session_start();

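// Login check: a request is treated as unauthenticated when any identity field
// is empty or the two password values differ. Unauthenticated requests are only
// allowed to reach the login, logout and check modules; anything else is logged
// out and sent to the login page.
// NOTE(review): $__s_manager_self['password'] and $__f_password are set outside
// this file; presumably the stored value and the one carried by the session or
// request. Confirm.
// The comparison is strict (!==) so that PHP's loose-comparison rules (numeric
// strings, null versus '') can never make two different values count as equal.
// Where PHP 5.6+ is guaranteed, hash_equals() is the better choice for comparing
// secret values.
if(empty($__userid) || empty($__username) || empty($__role) || empty($__rolename)
		|| $__s_manager_self['password'] !== $__f_password){
	// Strict membership test: only the exact module names are exempt.
	if(!in_array($__mdl, array('login', 'logout', 'check'), true)){
		// logout() returns markup that is echoed before the redirect script.
		$js = $__oManager->logout();
		echo $js;
		echo "<script type='text/javascript'>top.location='./m.php?mdl=login';</script>";
		// Stop here so nothing below runs for an unauthenticated request.
		exit();
	}
}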

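// Permission check. Access starts locked and is opened only by an explicit match
// below, so a request that fits no rule stays denied.
$locked = true;

if($__frm === 'action' && $__mdl === 'index'){
	// Form submissions: the required power name is built from the posted
	// formAction, with dots turned into underscores and an "_mp_" prefix.
	// These powers are accepted without an entry in the role's power list.
	$default_powers = array('_mp_admin_admin_password', '_mp_admin_admin_setting');
	// formAction is request data: anything other than a string leaves the
	// request locked instead of being coerced into a power name.
	if(isset($_POST['formAction']) && is_string($_POST['formAction'])){
		$power = '_mp_'.(str_replace('.', '_', $_POST['formAction']));
		if(in_array($power, $default_powers, true) || array_key_exists($power, $_role_info['powers'])){
			if(!empty($_POST['subAction']) && is_array($_POST['subAction'])){
				// array_pop()/end() take their argument by reference, so the key
				// list has to live in a variable first.
				$__subActionKeys = array_keys($_POST['subAction']);
				$__subAction = end($__subActionKeys);
				// The sub-action key comes from the request and is used as a
				// preg_replace() replacement string. Escaping "\" and "$" makes it
				// a literal, so it cannot be read as a reference to the matched
				// text when the power name to authorize is derived.
				$__subActionLiteral = addcslashes((string)$__subAction, '\\$');
				$__power = '_mp_'.(str_replace('.', '_', preg_replace('/_\w+/', '_'.$__subActionLiteral, $_POST['formAction'])));
				// A sub-action needs its own power in the role's list.
				if(array_key_exists($__power, $_role_info['powers'])){
					$locked = false;
				}
			}else{
				$locked = false;
			}
		}
	}
}else{
	$act = "{$__mdl}_{$__do}";
	// Pages that are reachable without a role entry, grouped by $__frm.
	// switch compares loosely, so an unset or null $__frm also lands on case ''.
	// The module and action allowlists below are matched strictly.
	switch($__frm){
		case '': // files under the manager directory that may be accessed directly
			if(in_array($__mdl, array('check', 'index', 'info', 'login', 'logout', 'topnav'), true)){
				$locked = false;
			}
			break;
		case 'admin': // files under the admin directory that may be accessed directly
			if($__mdl === 'admin' && in_array($__do, array('password', 'setting'), true)){
				$locked = false;
			}
			break;
		case 'index': // files under the navigation directory that may be accessed directly
			if(in_array($__mdl, array('index', 'menu', 'navigation'), true)){
				$locked = false;
			}
			break;
		case 'system':
			if($__super > 0 && in_array($act, array('manager_switch'), true)){ // only with the super privilege
				$locked = false;
			}
			break;
		case 'ajax':
			if($__mdl === 'notice'){
				$locked = false;
			}
			break;
	}
	if($locked){
		// Not on an allowlist: the role must list either the menu path or the
		// power name built from frm/mdl/do.
		$pth = "frm={$__frm}&mdl={$__mdl}&do={$__do}";
		$power = "_mp_{$__frm}_{$__mdl}_{$__do}";
		if(in_array($pth, $_role_info['menu_powers'], true) || array_key_exists($power, $_role_info['powers'])){
			$locked = false;
		}
	}

}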

// Final gate: re-lock the request when WEB_URL does not occur in CUR_URL, then
// stop with a plain-text message if the request is still locked.
// NOTE(review): "=== false" only requires WEB_URL to appear somewhere in CUR_URL,
// not at its start. If CUR_URL is built from request data, confirm whether a
// prefix match (strpos(...) === 0) is what is intended here.
$locked = (false === strpos(CUR_URL, WEB_URL)) ? true : $locked;
if ($locked) {
	// (disabled) an alert with the localized "no power" text used to be echoed here
	exit('No power!');
}
?>